NEAS[.]22d1d944ee02ee8333135bd3d3e1a710_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.22d1d944ee02ee8333135bd3d3e1a710_JC.exe
Size

150KB
MD5

22d1d944ee02ee8333135bd3d3e1a710
SHA1

26f1ca50a899ac998415b1b12b7c0a5906f89510
SHA256

1a9defad0136f023036e8283a6aec9edfa87b3fc9443308183174773bac2f937
SHA512

313c3538caa19eb7f76587eaa075323282db4fd007c10203a2b899a6f32a22b3bf003ad3c6573c509733872142765437d11297c089f79cd2775a0aa3089f60d4
SSDEEP

3072:7Aji4nTkCMflHkyY7uBvvWbpfrTrKDARSiLvbMLfmPwk6S4nDgUX:7AjlYCMM2HWbRvrQAZvQLowHM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.22d1d944ee02ee8333135bd3d3e1a710_JC.exe

Files

NEAS.22d1d944ee02ee8333135bd3d3e1a710_JC.exe
.exe windows:4 windows x86

8cbe4889d4b5e9b148d2887916ab5828

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
CreateEventW
DuplicateHandle
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToSystemTime
FindClose
FindNextFileW
FindResourceA
FindResourceW
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetLastError
GetLocaleInfoW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringA
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetUserDefaultLCID
GetVersionExW
GlobalAlloc
GlobalFree
GlobalReAlloc
HeapAlloc
HeapCreate
HeapReAlloc
HeapSize
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
IsBadWritePtr
IsDebuggerPresent
LCMapStringW
LoadLibraryA
LocalFileTimeToFileTime
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
ResetEvent
RtlUnwind
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SizeofResource
TerminateThread
TlsFree
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WriteConsoleA
WritePrivateProfileStringA
lstrcmpA
lstrcmpiW
lstrcpyA
lstrcpynA
lstrlenA
lstrlenW

user32

CallWindowProcA
DefWindowProcA
DestroyIcon
DestroyMenu
DispatchMessageA
DrawIcon
DrawIconEx
EmptyClipboard
EnableWindow
EndDialog
EnumThreadWindows
EnumWindows
EqualRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetKeyState
GetMenuState
GetMessageA
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetWindow
GetWindowTextA
InsertMenuItemA
IntersectRect
IsChild
IsDialogMessageA
IsIconic
IsWindow
LoadIconA
LoadStringA
MessageBeep
PtInRect
RegisterClipboardFormatA
RemoveMenu
RemovePropA
SetActiveWindow
SetPropA
SetScrollInfo
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
TranslateMessage
UnregisterClassA
WaitMessage
WinHelpA
WindowFromPoint

gdi32

AbortDoc
BeginPath
CloseEnhMetaFile
CloseMetaFile
CombineRgn
CopyEnhMetaFileA
CreateDCW
CreateDIBPatternBrushPt
CreateDIBSection
CreateEllipticRgn
CreateHalftonePalette
CreatePatternBrush
CreateRectRgnIndirect
CreateSolidBrush
DeleteEnhMetaFile
DeleteObject
EndDoc
EnumFontFamiliesExA
EnumFontsA
Escape
ExcludeClipRect
ExtEscape
ExtTextOutA
GdiFlush
GetBkMode
GetBrushOrgEx
GetCurrentObject
GetDIBits
GetDeviceCaps
GetEnhMetaFileDescriptionA
GetEnhMetaFileHeader
GetMapMode
GetObjectW
GetOutlineTextMetricsA
GetROP2
GetTextAlign
GetTextCharsetInfo
GetTextColor
GetTextExtentExPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointA
GetTextFaceA
GetTextFaceW
GetViewportOrgEx
GetWinMetaFileBits
LPtoDP
MoveToEx
OffsetClipRgn
PlayMetaFile
PtVisible
RealizePalette
Rectangle
RestoreDC
SetAbortProc
SetBkMode
SetMetaFileBitsEx
SetPixel
SetStretchBltMode
SetViewportExtEx
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
TextOutA
TranslateCharsetInfo

shell32

CommandLineToArgvW
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
ExtractAssociatedIconW
ExtractIconA
ExtractIconW
SHAppBarMessage
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderW
SHChangeNotify
SHFileOperationA
SHGetFolderLocation
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSettings
ShellExecuteA
ShellExecuteEx
ShellExecuteExW
Shell_NotifyIconA

comctl32

CreateToolbarEx
ImageList_BeginDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_GetBkColor
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Write
InitCommonControls

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
CloseServiceHandle
ControlService
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
DeregisterEventSource
EqualSid
GetLengthSid
GetUserNameA
InitializeAcl
InitializeSecurityDescriptor
InitiateSystemShutdownA
IsValidSid
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenSCManagerW
OpenThreadToken
RegCreateKeyA
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyA
RegEnumKeyExA
RegEnumKeyExW
RegEnumKeyW
RegEnumValueA
RegFlushKey
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExW
RevertToSelf

msvcrt

_CIfmod
_Getmonths
__isascii
_amsg_exit
_dup2
_endthread
_finite
_ftime
_ismbblead
_ismbcprint
_open
_rmdir
_strdate
_strtime
_telli64
_wfullpath
_wremove
_wtol
ferror
floor
fmod
free
getenv
iswpunct
mbstowcs
memcmp
memcpy
putc
rename
setbuf
strchr
strlen
strtod
strxfrm
time
toupper
wcsftime
wcsncpy

oleaut32

CreateErrorInfo
LoadTypeLib
RegisterTypeLib
SafeArrayPtrOfIndex
SafeArrayPutElement
SetErrorInfo
SysAllocStringLen
SysReAllocStringLen
SysStringLen
VariantChangeType
VariantChangeTypeEx
VariantCopyInd
VariantInit

version

GetFileVersionInfoA
VerLanguageNameA
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cbe4889d4b5e9b148d2887916ab5828

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comctl32

advapi32

msvcrt

oleaut32

version

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 86KB - Virtual size: 86KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 86KB - Virtual size: 86KB

.rsrc
Size: 16KB - Virtual size: 16KB